Correct permissions for WordPress on LEMP?

February 6, 20143.4k views

I'm confused about how to set permissions for a WordPress install. I've got it setup and running very well on ubuntu based droplet using LEMP. The only issue I'm having is getting permissions correct. I went for the normal:
sudo chown www-data:www-data * -R
sudo usermod -a -G www-data usernamehere
That worked great, but stopped my user from creating files inside the WordPress install which I use for manually installing some plugins. I've also tried using:
sudo chown usernamehere:www-data * -R
However while that gives me permission it stops WP from uploading/updating. I've also used:
sudo chmod g+s directoryname
To make it so all files created in the folder by me are owned by the web server.
Can anyone recommend a good permission setup that will allow my user to create files, allow WP to update & upload but doesn't introduce any security issues? I know a decent amount about web servers but permissions are my downfall. Any help would be greatly appreciated.

WordPress is the most popular content management system (CMS) on the web currently. While WordPress can be a great way to manage you content, there are some very insecure configurations that are given throughout the internet. This article will cover how to set up secure updates and installations using SSH keys instead of FTP, which is an inherently insecure protocol.

What are the tweaks? I followed the tutorial you provided a link to and I'm still unable to install themes - have yet to even try anything else. I keep getting "Public and Private keys incorrect for wp-user"
I'm also using Nginx, with multiple server blocks on Ubuntu 14.04